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What is claimed is: 
l^r^- I- A method of thwarting denial of service attacks on a 
victim data cent er_ coupled to a network comprises: 

monitoring network traffic through monitors disposed 
at a plurality of points in the network; and 

communicating data from the monitors, over a hardened, 
redundant network, to a central controller. 

^ 2, The method of claim 1 wherein the hardened redundant 
network is inaccessible to the attacker. 
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2__ r 3. The method of claim 1 further comprising: 
P monitoring network traffic through a gateway that ^ 

^ passes network packets, the gateway being disposed at an ^ 

y edge of the network to protect the data center, with the 

gateway coupled to the control center by the redundant 
hardened network. 

\ 4. The method of claim 1 further comprising: 

analyzing network traffic statistics to identify 
malicious network traffic; and 
1~ filtering the network traffic based on results of 

analyzing the network traffic to discard network traffic 
that is identified as malicious network traffic during 
analyzing of the network traffic. 

5. The method of claim 1 wherein the (gateway is located 
at network entry points of victim data centers. 
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6. The method of claim 1 further comprising: 
performing intelligent traffic analysis and filtering 

to identify the malicious traffic and to eliminate the 
malicious traffic. 

7. The method of claim 3 wherein performing intelligent 
traffic analysis and filtering is performed by the gateways 
and the control center. 

8 . The method of claim 3 wherein the gateways perform 
intelligent traffic analysis and filtering. 

■\ 

9. The method of claim 1 wherein the monitors include 



•0 data collectors that sample packet traffic, accumulate, and 

hj collect statistical information about network flows. 



IJ* 10. The method of claim 9 wherein the data collectors are 

jcSt 

located at major peering points and network points of 



presence . 
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11. The method of claim 1 wherein the control center 

Q 

aggregates traffic information and coordinates measures to 
track down and block the sources of an attack. 



J % C*^ A d istribut ed^ system to thwarting denial of service 

attacks comprises : 

a plurality of moni tors dispersed throughout a 
network, the monitors collecting statistical data for 
performance of intelligent traffic analysis and filtering 



to identify malicious traffic and to eliminate the 
malicious traffic to thwart the denial of service attack. 
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13. The distributed system of claim 12 further comprising: 
a control center coupled to the plurality of data 

collectors by a hardened redundant connection to 
communicate the data to the control center; and wherein the 
control centers performs the intelligent traffic analysis 
to identify the malicious traffic. 

14. The distributed system of claim 13 further comprising: 
at least one gateway device that passes network 

packets between the network and the victim site, the 
gateway disposed to protect a victim site, and being 
coupled to the control center by the redundant hardened 
network. 

15. A system for thwarting denial of service attacks on a 
victim data center coupled to a network comprises: 

a first plurality of monitors that monitor network 
traffic flow through the network, the first plurality of 
monitors disposed at a second plurality of points in the 
network; and 

a central controller that receives data from the 
plurality of monitors, over a hardened, redundant network, 
the central controller analyzing network traffic statistics 
to identify malicious network traffic. 

16. The system of claim 15 wherein the hardened redundant 



nel^orjc^is inaccessible to the attacker. 

17. The system of claim 15 further comprising: 

at least one gateway that passes network packets 
between the network and the victim data center, the gateway 
disposed to protect potential victim data center and being 
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coupled to the control center by the redundant hardened 
network. 

18. The system of claim 17 wherein the gateway is disposed 
at an edge of the network at victim data center. 

19. The system of claim 17 wherein the gateway analyzes 
network traffic statistics to identify malicious network 
traffic and filters the network traffic based on results of 
analyzing the network traffic to discard network traffic 
that is identified as malicious network traffic during 
analyzing of the network traffic. 

20. The system of claim 17 wherein the gateway is located 
at the edge of the network that is an entry point to the 
victim data center. 

21. The system of claim 17 wherein both the gateway and 
the control center perform intelligent traffic analysis and 
filtering to identify the malicious traffic and to 
eliminate the malicious traffic. 

* 

22. The system of claim 15 wherein the data collectors 
sample packet traffic, and accumulate and collect 
statistical information about network flows. 

23. The system of claim 15 wherein the data collectors are 
located at major peering points and network points of 
presence . 

24. The system of claim 17 wherein the data collectors 
sample packet traffic, and accumulate and collect 
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statistical information about network flows and are locate 
at major peering points and network points of presence. 

25. The system of claim 17 wherein the control center 
aggregates traffic information and coordinates measures to 
track down and block the sources of an attack. 

26. The system of claim 17 wherein the gateway includes a 
process to communicate with the control center over the 
hardened network. 

27. The system of claim 17 wherein the gateway includes a 
process to allow an administrator to insert filters to 
discard packets that are deemed to be part of an attack, a 
determined by heuristics of the traffic flow. 

28. A distributed system to thwart denial of service 
attacks comprises : 

a plurality of gateways dispersed throughout a 
network, near data centers that might be sources of an 
attack, the gateways collecting statistical data for 
performance of intelligent traffic analysis and filtering 
identify malicious traffic at the source of an attack to 
eliminate the malicious traffic and thwart the denial of 
service attack. 
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